Hi,
I'm building a website that should authenticate to an LDAP server which
is not maintained by myself. Authentication requires an 'ldap-attribute'
to limit the amount of users than can log in. In addition to that, I'd
like to create groups that consist of LDAP users defined in a
htgroup-file.
My configuration looks like this:
<Directory /path/to/docroot/>
AuthName "LDAP authentication"
AuthType Basic
AuthBasicProvider ldap file
AuthLDAPURL ldaps://xxxx.xx.xx/o=uu?uuShortId
Require ldap-attribute foo="bar"
AuthzLDAPAuthoritative off
AuthGroupFile /tmp/htgroup
AuthzGroupFileAuthoritative on
Require valid-user
Require group wOOt
Satisfy Any
</Directory>
(I obfuscated the path to the docroot, the ldap server address, the
ldap-attribute and the group defined in /tmp/htgroup).
My personal LDAP account does not contain the "foo=bar" attribute, but
it is part of group "wOOt" (defined in /tmp/htgroup).
Both authentication models work as I use them as the only method, but
when I add two methods and "Satisfy Any" I'm not asked for authentication.
I think my problem may be similar to this posting:
http://mail-archives.apache.org/mod_mbox/httpd-users/200901.mbox/%3c497883CF0200001B0005C01F@xxxxxxxxxxxxxxxxxxxxxxx%3e
Unfortunately that posting doesn't have a definitive solution.
Any ideas are welcome!
--
Met vriendelijke groet,
Maarten te Paske
Systeemgroep Wijsbegeerte
Attachment:
pgplUz6Iak8fJ.pgp
Description: PGP signature
|